The National Infrastructure Protection Center (NIPC) issued a warning today, reminding users of long-known attacks still being used to penetrate numerous e-commerce-based Web sites. The problems pertain to permission settings and the Remote Data Services (RDS) functionality of Microsoft's Internet Information Server (IIS). NIPC originally cautioned users about the severity of the issues on December 1, 2000, and Microsoft issued security bulletins MS98-004, MS99-025, MS00-008, and MS00-014 in response to the original intrusion method discoveries.
According to a press release issued by the US Department of Justice, the intruders are of east European origin--specifically Russia and the Ukraine--and have victimized more than 40 online systems in 20 different states to steal over a million credit card numbers and other sensitive customer information. The FBI and US Secret Service are investigating the matter. Fourteen FBI field offices and seven US Secret Service field offices are involved in the investigation.
According to the FBI, once these intruders download databases from victims' sites, they proceed to contact the site owners (by fax, email, or telephone) to make a veiled extortion attempt. The intruders allege that without their help other intruders will be able to gain access and post stolen data online for the public to see. When the victims do not comply by hiring the intruders, the threats become less veiled and more severe.
The FBI said that there is evidence that a company's data is at risk whether they comply with the extortionists or not. The FBI suspects that the group might have ties to organized crime.
IIS users are urged to review the NIPC warning for details. The warning also contains a list of programs that have been found on some of the systems compromised to date. Existence of these files on your system might indicate a previous intrusion. Readers are also advised to review the above-mentioned Microsoft security bulletins to ensure their systems are not vulnerable to these particular attacks.
